Wednesday, 26 October 2011

Newzbin Judge: studios have asked other ISPs to voluntarily block, circumstances may be different for each ISP

We knew it was coming, and today it came. A high court judge confirmed BT must block file-sharing website Newzbin2, and it must do so within 14 days.

Mr Justice Arnold sanctioned the use of BT's pre-existing blocking technology known as "Cleanfeed" to implement the block. Cleanfeed was installed to block access to a strict number of websites carrying images of child sexual abuse.

Interestingly, the Judge hinted that a different set of circumstances would need to be considered for any such ruling to apply to other ISPs (para 4). For instance, Andrew Heaney of TalkTalk argued that TalkTalk didn't use Cleenfeed. Justice Arnold responded:

"That may well have consequences for the form of any order that the Studios seek against TalkTalk; but it does not affect the order to be made against BT"

It emerged this morning that Everything Everywhere and Virgin Media also attempted to intervene by writing to the Court, following an earlier ruling in this case handed down on 28th July. The Judge said the ISPs should have applied to intervene earlier:

"I have taken into account the points made in those letters, but I have given them limited weight for the following reasons. First, I consider that those ISPs could and should have intervened in the application, or filed submissions and/or evidence, prior to the hearing on 28-29 June 2011."

The reason for the fraught action from other ISPs is perhaps apparent from (para 13):

"... the Studios are in fact in the process of trying to persuade other ISPs to submit to injunctions voluntarily"

Creep creep of blocking - IP addresses to be added on demand, process for removal?

Studios today won the right to add additional IP addresses and URLs used to access Newzbin2 without a new court order. The judge agreed the block might be too easy to circumvent without a proposal set out by the studios, and the wording of the order potentially affects sites merely linking to a Newzbin2 mirror (para 10 & 12):

"any other IP address or URL whose sole or predominant purpose is to enable or facilitate access to the Newzbin[2] website"

BT will not be responsible or required to check IP addresses and URLs notified by the studios (para 12). Any third party who creates a website with a predominant purpose of providing a link to an unblocked version of Newzbin2 could find their website on the block list.

I found no mention of the process for removing IP addresses if and when they are no longer being used for this purpose, so pity the poor soul taking on an IP address previously used for blocking; although this may be mitigated by paragraph 6, indicating blocking should be done on an IP address and URL basis. (Note: serious questions then exist if a service used encrypted HTTPS to provide access to Newzbin2, making it tricky to read the URL being requested, as the information is encrypted.)

Anyone re-using an IP address previously used to facilitate access to Newzbin2 (highly likely - IP addresses are frequently reused) will find visitors from within BT's network re-routed via Cleanfeed, but not subsequently blocked (the URL won't match - unless the new owners also re-use the website URL from the previous owner).

I found no mention of legal remedy should the studios accidentally include IP addresses and URLs that were not in strict accordance with the wording of the order.

It is however interesting to note Mr Justice Arnold takes a hard line with BT, saying that BT must apply for permission from the studios or a court order if it ever wanted to disable Cleenfeed, even temporarily, without being in breach of the order (paras 16-18)

Court Costs and Public Interest

Additionally, BT were today hit with a potentially massive legal bill after the Judge ruled BT must pay their own and the studios' legal costs in the period between 17 December 2010 to 28 July this year as the price of strongly contesting the order in vain (para 54).

But the studios were ordered to pay BTs costs up to the 16th December, with the judge ruling (para 53):

"BT was entitled to a court order for its own protection, and it was reasonable for BT to require the Studios to adduce sufficient evidence to establish both that the court had jurisdiction to make the order and that it was appropriate in the exercise of the court's discretion to do so."

This is a mixed bag. On one hand the public interest lies in oversight over which websites end up getting censored. This needs to go to a court, and I welcome the Studios picking up the tab.

Whilst the Judge points out BT makes a profit from providing an access service for content, we shouldn't forget the studios are the primary beneficiaries from content! After all, the internet is just a series of pipes(!)...

The worry lies in future orders. Would a judge order an ISP mounting a failed challenge to any future order to meet all the costs? (The jurisdiction argument in paragraph 53 will no longer apply). The public interest lies in having strict oversight of any censorship system, but there is a disincentive for ISPs to challenge orders if they then risk getting hit with massive fees.

It also opens the door for cost being used as a weapon, as a committee recently found with libel. How would a smaller ISP dare challenge an order if they will end up getting hit with a substantial costs order should they lose?

Downstream ISPs affected

Significantly, the ruling will apply to "downstream" divisions of BT, but only where Cleanfeed is provided by BT as part of that service. It is my understanding that all ISPs who rely on wholesale products from BT and chose to incorporate Cleanfeed in their package will be affected by this block (para 9):

"... the injunction should apply to all BT's services which incorporate Cleanfeed whether that is imposed on the customer or taken as an option."

I'm left wondering whether some ISPs may drop Cleanfeed altogether, removing the protection it gives end users from accidental/incidental access to illegal material.

I've asked BT for comment. They rarely do, to me, but I'll keep you posted.

Whatever downstream ISPs choose to do, rulings like this provide an incentive for millions of mainstream web users to bypass the blocks erected to prevent accidental or incidental access to illegal material.

Circumventing the blocks

A government study found no blocking technology was robust (pdf) and could be easily bypassed by determined individuals with only a smattering of technical knowledge; but, until today, very few people were determined enough to bypass BT's web filtering system.

The knowledge of how to do so was only of use to those with a very unhealthy interest in illegal websites. That's the beauty of the system of blocking overseen by the Internet Watch Foundation - its role is so tightly limited to material that is universally viewed as abhorrent and unacceptable.

There was very little disquiet about the system, and very few were shouting about how to get around it. Until now. As more websites get blocked a whole new, larger, more mainstream section of the audience will be motivated to circumvent the system.

Mr Justice Arnold in an earlier hearing agreed that blocking could be circumvented (para 193), but was not persuaded that this would make the blocking order ineffective.

One reason given was that to circumvent the block would require additional expertise (para 194). This point is highly marginal, as Dr Richard Clayton ably highlights - it only takes one motivated individual with expertise to work out how to bypass the block if that person then creates software or other tools to enable others with less experience to bypass the block.

We're then left with the question of whether the majority of internet users would be able to find such software and tools. I firmly believe they will. Social websites and mobile messaging provide great platforms for information to propagate.

As for the judge's other findings, circumventing Cleanfeed might result in slower access (para 195). This will depend on the measure used to circumvent the block. The site operators of Newzbin2 have indicated they will provide tools to help bypass the blocks - it is technically feasible to do so with minimal or no performance hit.

The judge also suggested an economic argument (presumably when using paid-for VPN services to bypass the block) (para 196), but this is moot if the previous two arguments are overturned.

A "behavioural change" argument was also advanced (para 197) - for which I have no evidence to contest - but I do take issue with the Judges final remark on the efficacy of blocking (para 198):

"Finally, I agree with counsel for the Studios that the order would be justified even if it only prevented access to Newzbin2 by a minority of users."

I feel this last point has not fully taken into consideration the wider consequences, costs and civil rights implications of introducing a massive censorship system. Not in relation to Newzbin2, but for future sites blocked. The floodgates are now well and truly open, and we need to ensure no legitimate websites get washed away in the process. We also need to ensure the obligation on ISPs does not hinder investment in new, faster technology.

What next?

We know other ISPs have been asked to voluntarily block Newzbin2. Will they comply? Will they be hit with legal costs should they fail to comply and the studios turn to the High Court for a blocking order? What about ISPs that don't have Cleanfeed?

What if they have different blocking systems which lack the granularity to block an IP address + URL combination, will this lead to over-blocking of all other sites? This last question is pertinent as I noted above now that IP addresses are going to be added to the block list on a continual basis, and any site "whose sole or predominant purpose is to enable or facilitate access to the Newzbin[2] website" can be blocked?

Will rights holders apply to block other sites? Will ISPs challenge that? Will ISPs be hit with costs should their challenges fail? Who will look after the public interest and ensure the censorship system does not block legitimate sites?

4 comments:

It's to be hoped *cough* that no-one posts details of how to circumvent the ban, into forums and comments on random websites (which statistically might *cough* include, say, those of newspapers, political parties and MPs), then notifies BT or the studio lobby.

It is not at all clear if or how Cleanfeed handles https traffic or http traffic that does not contain a URL in the header. Richard Clayton, in his article "Will Newzbin be Blocked", says that blocking an https address is outside the scope of Cleanfeed.

OFCOM raise https as a circumvention issue with URL based blocking.

It is possible that the known information about Cleanfeed is wrong or incomplete, but these facets are by no means clear by the technical matters in the judgment.

Paras 6 and 7 of the October judgment as good as disclose the fact that there were technical issues that ought to have been revealed earlier that then had to be addressed. That raises issues as to whether the lawyers and experts on both sides are really familiar with the real issues. Having happened once, who is to say it has not happened again.

One wonders whether the next stage of this saga will be widespread trivial circumvention that cannot be catered for within the terms of the order, and that Mr Justice Arnold gets a return visit from the parties sooner rather than later.